Increasing Trust By Protecting Personal Data

[I was a member of the team that created Aadhaar, and continue to stay involved in the creation and evangelisation of the India Stack. As a result, I take part in many conversations around personal identity data. I also believe that users must be able to control their data, and its use.

As a country, we are moving from a world of paper and registers to a new digital, online world. This is the right direction to go. But, issues around the use of personal identity data are beginning to grow, and it is time to consider ways to protect users, and to respect their trust. To this end, I thought that it would be worthwhile to use a simple use case – look at the essence of it, and explore these issues.]

Identity as a source of trust

To buy a SIM card, Ram provides an identity document. The agent copies this document. The telecom company keeps the copy as proof of KYC compliance. The company also creates a customer record and provides services to the customer. Ram follows a similar process for setting up many different types of relationships, for example opening a bank account or starting a job.

Trusted identity information, and its verification, form the basis for setting up these relationships.

Ram may also have to prove his identity while using services. For example, when operating a bank account, or when entering an airport.

A trustworthy verification process allows for smooth access to services and transactions.

Risks

But Ram risks misuse of his personal data in this process. Let’s look at these risks:

  1. The agent may keep an extra copy of his identity document.
  2. Someone may misuse his document to set up an account in his name without his knowledge.
  3. Someone may misuse his document to take over an existing relationship.
  4. Someone may steal his identity information from the company.
  5. Someone may be able to infer something about him from his behaviour across companies.

Identity theft, data leakage, and surveillance are not new risks, but digitisation sharpens them: a digital copy can be duplicated, searched and cross-referenced at almost no cost.

Mitigation

But digital systems also provide better ways to protect Ram and his data:

  1. Remove the need to disclose an identity at all, where the service does not actually require one.
  2. Remove paper copies of the identity document – use a digital version, and protect it.
  3. Alert him whenever his identity is used.
  4. Use different identity documents, or different identifiers, for different relationships, so that records cannot be linked across them.
  5. Strengthen current laws, or make new ones, to dissuade bad behaviour.
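The second and fourth mitigations can be built into the digital record itself. The Python below is an added illustration, not code from the original post or from any India Stack component: the issuer derives a different pseudonymous subject identifier for each relying party (so a telco and a bank cannot join their records on it), includes only the attributes that relying party asked for, and binds the record to that relying party so a copy kept by an agent cannot be replayed to open an account elsewhere. The keys, names and attribute values are constructed for the example, and an HMAC stands in for a real digital signature (for example Ed25519) so that it runs with the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed keys and records for this example only (not real data).
ISSUER_KEY = b"issuer-demo-key-0000000000000000"
RAM_MASTER_SECRET = b"ram-master-secret-00000000000000"
RAM_ATTRIBUTES = {
    "name": "Ram",
    "address": "12 Example Street",
    "date_of_birth": "1990-01-01",
    "phone": "+91-0000000000",
}


def pairwise_id(master_secret: bytes, relying_party: str) -> str:
    """Derive a stable pseudonym for one relying party.

    Each company sees a different identifier for the same person, so
    records held by a telco and a bank cannot be joined on the subject
    field alone (the "prevent linkage" mitigation).
    """
    return hmac.new(master_secret, relying_party.encode(), hashlib.sha256).hexdigest()[:32]


def _canonical(claims: dict) -> bytes:
    # Deterministic serialisation so issuer and verifier authenticate the same bytes.
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def issue_attestation(issuer_key: bytes, master_secret: bytes, attributes: dict,
                      relying_party: str, requested: list) -> dict:
    """Issue a protected digital record instead of a paper copy.

    Only the attributes the relying party asked for are disclosed, and the
    record carries an audience ("aud") so that a copy kept by an agent
    cannot be replayed to a different company.
    """
    claims = {
        "sub": pairwise_id(master_secret, relying_party),
        "aud": relying_party,
        "attrs": {k: attributes[k] for k in requested},
    }
    # Assumption: HMAC stands in for a digital signature. With a real
    # signature the verifier would hold only the issuer's public key.
    tag = hmac.new(issuer_key, _canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "tag": tag}


def verify_attestation(issuer_key: bytes, token: dict, expected_rp: str) -> bool:
    """Accept a record only if it is unmodified AND was issued for this relying party."""
    claims = token.get("claims", {})
    expected_tag = hmac.new(issuer_key, _canonical(claims), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, token.get("tag", "")):
        return False  # forged or modified record
    return claims.get("aud") == expected_rp  # record meant for another company


if __name__ == "__main__":
    telco_token = issue_attestation(ISSUER_KEY, RAM_MASTER_SECRET, RAM_ATTRIBUTES,
                                    "telco.example", ["name", "address"])
    bank_token = issue_attestation(ISSUER_KEY, RAM_MASTER_SECRET, RAM_ATTRIBUTES,
                                   "bank.example", ["name", "date_of_birth"])
    print("telco sees subject:", telco_token["claims"]["sub"])
    print("bank sees subject: ", bank_token["claims"]["sub"])
    print("telco accepts its own record:", verify_attestation(ISSUER_KEY, telco_token, "telco.example"))
    print("bank rejects the telco record:", verify_attestation(ISSUER_KEY, bank_token, "telco.example"))
```

The audience check is what defeats risks 2 and 3 in the list above: a leaked copy of the telco record is useless at the bank, and a record whose attributes have been edited fails the integrity check. Pairwise subject identifiers address risk 5, since no common field survives across companies; linkage through the disclosed attributes themselves (the same name and address at both) still has to be handled by disclosing as little as each relationship needs.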

Types of Data

Any conversation on the use of identity data would be incomplete without looking at the different types of data.

  • Basic identity attributes of a person. For example, name, address.
  • Transaction data. For example, purchase transactions, banking transactions, phone calls.
  • Data aggregates – information derived from a collection of data.
  • Behavioural data – inferences from transaction data, possibly from different types of transactions.

All conversations around data use, consent, risks, and protection must take into account these different data types.

Interactions as a source of trust

As Ram uses the service, his trust in the reliability of the service grows. At the same time, the service provider trusts Ram more, and may raise transaction limits and similar thresholds.

This is true in other types of relationships as well: employees who stay longer are trusted more.

Aggregated transaction data and behavioural data also contribute to this trust.

Role of consent

In many situations there is no privacy policy; the user is not informed about the collection of data; and consent is not sought. In other situations the user gives consent, but it may not be well informed. Some examples include:

  • Overly broad consent
  • Click accept agreements which are not read
  • Policies that may be modified without notification

The consent process needs to change. Users must know what to expect from a service provider, and be able to hold them accountable for meeting these expectations.

Transparency as a source of trust

Certain services must be transparent to stakeholders and publish data. For instance, a company may publish the salaries of top management to gain the trust of shareholders. Similarly, some public service providers may publish a list of services delivered, with beneficiary details.

Questions

In this context, I would like to frame the following sets of questions:

  1. Trust originates from identity verification and from interactions. Forgery and misrepresentation erode this trust. How do we enable the trust, even in the presence of intermediaries? How do we make this trust bi-directional, so that the user knows more about the company that he / she is dealing with?
  2. Employee records, customer lists, etc. contain identity information. How can companies protect these against theft, leakage and misuse? How can users ensure that their data is not stolen?
  3. How can companies inform users about how their personal data will be used, when asking for consent? How can users verify that the company is not doing anything different?
  4. How can public entities meet transparency requirements while being sensitive about personal data? How can users ensure that their data is not leaked? How can other stakeholders hold the service provider accountable with reduced data?


Looking forward to your answers and thoughts in the discussions below.

17 thoughts on “Increasing Trust By Protecting Personal Data”

  1. https://solid.mit.edu/ – decoupling data and applications. This project is still in the early days though

    Also, biometrics shouldn’t be used in any way as it’s trivial to clone –
    https://amp.theguardian.com/technology/2014/dec/30/hacker-fakes-german-ministers-fingerprints-using-photos-of-her-hands

    Would losing my phone mean I lose control? As notifications of my biometrics/data/consent being used would be sent to my phone, right?

    1. Solid is an interesting project, and we are certainly looking at it!

      BTW, I specifically wanted to stay away from Aadhaar in this discussion, since that hijacks the entire discussion 🙂 What I will take away from your comment is that you don’t trust biometrics as a means of authentication.

      On notifications as a mitigation strategy, while they would be sent to your email / messaging service, they could also be available as a ‘statement’, and thus not be ephemeral. However, you would not have access to the notifications for the period that you don’t have your phone.

  2. Here are a few thoughts specific to the Aadhaar card

    1. No sharing of photocopies or the full number of the Aadhaar card.
    2. Verification documents need to mention only the last 4 digits of the Aadhaar card and the full telephone number.
    3. Complete verification can be done using an IVRS system, where the user can enter the full Aadhaar card number. Solves for verification and consent, both.
    4. Document collection to be replaced with biometric authentication during physical verification of proofs.
    5. First the customer verifies their biometric and enters full Aadhaar card details. Then the verifier enters their biometric and over IVRS verifies the photo, name, and address of the customer.
    6. Two-factor authentication. For extra security, a two-factor authentication can be used: biometric and a PIN.
    7. All verification becomes a case ID at a centralised body. The service providers maintain only the case ID in their records.
    8. In case of a verified data requirement by the police, or authorities, they can have access to the case IDs and the recordings.
    9. Provide a physical card with only the last 4 digits of the Aadhaar card visible. This could be used for photocopy, and other identity verification purposes. (The practice of photocopying will take time to replace.)
    10. Educate users that the full Aadhaar card number is private, and should only be disclosed in an IVRS system.

    There could be a few border cases which need to be worked upon.

    1. BTW, I specifically wanted to stay away from Aadhaar in this discussion, since that hijacks the entire discussion 🙂

      That also takes away the attention that must be given to the overall digitization which is happening. Personal Identity data must be protected, whether it contains Aadhaar, or not.

      1. “I was a member of the team that created Aadhaar, and continue to stay involved in the creation and evangelisation of the India Stack”

        How were you planning to stay away from Aadhaar in this discussion with that opening statement? 🙂

  3. Hi Sanjay,

    My two cents on this. The best way for companies (banks, FIs etc.) to protect the data is to enable all their onboarding systems to ingest the information digitally, preventing any paper trail. One way is perhaps to see how transactions are verified – digital vs physical paper is measured, and organizations start metricing this the way digital transactions (netbanking etc.) are metriced, as a proportion of total transactions, and get them to publish the data. Banks can be incentivized in some form for not having paper verification.

  4. To protect personal data, understand that personal data is owned by the concerned person, and not the entity storing it.
    That means that the individual should have complete control on usage, modification, creation and retention. If an organisation does not allow complete control, it effectively means that it is asserting ownership over personal data. Do not trust such organisations.

    1. Yes, that is the starting point – ensure that the data ownership stays clearly with the person whose data it is. However, that person provides access to that data to someone else in return for getting into a relationship, (for ex. banking, loans, property rental, employment). Sharing of data, and identity verification creates the trust for that relationship to happen, and to add value to people’s lives.

      What we would look for is clarity such that both parties know, and can enforce their rights to this data. This may be a technology solution (or not), backed by law. Since the individual is the ‘weaker’ party, the onus of protection must be on the service provider.

      1. I would simply not like to share personal data with anyone. Not even banks. If UIDAI cannot even provide anonymity, then of what use is it? UIDAI is in a position to provide secure authentication tokens for subscribers. The bank does not even need to know my name!

  5. Sanjay, let’s solve this challenge together by using Blockchain technology (one solution). This will empower people (individuals) to own, manage, control and share their data. In addition, if their data is further shared to others by recipients, the owner gets a notification. The technology enables transparency, traceability, reliability (encryption), robustness and builds TRUST. We need to ensure that there is a certifier (govt institutions – Aadhaar APIs etc.) of this individual data (and/or self certification) as required by the inquirer (banks etc.). Bottom line is EMPOWER PEOPLE to own, control and manage their data.

      1. Sorry Sanjay for the delayed response, I just checked now. Let’s meet up and discuss this in detail, but the blockchain technology provides all structural constructs of managing, sharing, controlling and tracking your data – take bitcoin currency as an example in your mind and you can easily relate to all the above aspects, which empower each individual to take control and manage their own data, and we can provide a way of MONETIZATION of their personal data to locals and globals for $$ – thereby empowering 1.2B Indians. We can meet up and I have access to some good IITians with Blockchain tech to implement this on DigiLocker first……..after which I would like to take this concept much further (to many aspects of human life) including towards individual health data. Feel free to call +91 9611 666777

  6. Sanjay, let’s solve this problem together by using Blockchain technology (one solution). Let’s empower people to own, control, manage and share their own data. Provide encryption of personal data and the ability to share, and any time the personal data is shared by others the owner (individual) gets a notification, thereby enabling traceability, transparency, openness, reliability, robustness, hence building TRUST. We need to have the govt (like for Aadhaar, birth/death certificates) (or other) reputable institutions providing the certification of personal data.

  7. Some thoughts

    It will be unfair to assume a level playing field between service providers and consumers, thus the responsibility and accountability of the former will always be higher.

    The assumption that digital copies are automatically more secure than physical ones is incorrect.

    The risks pointed out are only a few. There are risks of data sharing, client profiling, surveillance, loss of data etc.

    The need for comprehensive data protection and privacy laws is missing.

  8. Thinking aloud, as I am no techie. But one of the biggest concerns people have is vendors saving our biometrics/data & later misusing it. Can we, along with everything else, have an auto-destroy of our data post verification, like Snapchat has? (Not sure if it’s possible.)

  9. When the “largest centralized repository of human biometrics ever created” is hacked into and more than a billion people are affected, you guys will surely be remembered as part of a cautionary tale for generations to come all around the world. If you haven’t already, please read “Antifragile” by Nassim Taleb & reflect upon it.
    – A fellow programmer and a concerned citizen of India
